From b87bd57ad010ee6f091f77b8b1f653afafc0e4c7 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Sun, 28 Jul 2013 18:14:01 -0700
Subject: added webapp.secure flag (turns on secure cookies and HSTS)

---
 provider_base/services/webapp.json                  | 3 ++-
 puppet/modules/site_webapp/templates/config.yml.erb | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 55331274..ed039b01 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -13,7 +13,8 @@
     "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
     "allow_anonymous_certs": "= global.provider.service.allow_anonymous",
     "secret_token": "= secret :webapp_secret_token",
-    "api_version": 1
+    "api_version": 1,
+    "secure": false
   },
   "stunnel": {
     "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index df562cd9..8b4b3bbe 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -2,6 +2,7 @@
 production:
   admins: [admin]
   domain: <%= @provider_domain %>
+  force_ssl: <%= @webapp['secure'] %>
   client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %>
   client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %>
   secret_token: "<%= @secret_token %>"
-- 
cgit v1.2.3